Cyber Incident Victim: Texas Orthopaedics & Sports Medicine

Texas Orthopaedics & Sports Medicine (TOSM) detected suspicious activity involving its internal information systems on November 28, 2022. The organization promptly engaged external forensic and data security specialists to investigate the incident. The investigation determined that an unauthorized third party had accessed and extracted information from TOSM's systems during a specific eight-day window between November 22 and November 29, 2022. Compromised data included sensitive patient information such as dates of birth, medical diagnoses, disability status details, driver's license numbers, comprehensive health insurance information (including group/plan numbers and policy details), and medical history records. The breach affected 537 individuals whose data resided on the compromised systems. TOSM's notification stated no evidence emerged suggesting actual misuse of the stolen information following the incident.

Upon confirming the breach, TOSM implemented immediate containment measures including system-wide password modifications to secure its environment. The organization notified relevant regulatory authorities, including the U.S. Department of Health and Human Services (HHS), in compliance with breach reporting obligations. As a precautionary response to potential identity theft risks stemming from the exposed data elements, TOSM offered affected individuals complimentary credit monitoring and identity protection services. The organization publicly committed to enhancing its security posture through the implementation of additional protective measures to prevent recurrence of similar incidents, though specific technical or procedural changes were not detailed in available disclosures. Forensic analysis focused on determining the intrusion's scope and identifying affected individuals for notification purposes.